skills/microsoft/skillopt/skillopt-sleep/Snyk

skillopt-sleep

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (medium risk: 0.65). Runtime “Harvest” reads the user’s local Claude session JSONL files (~/.claude/projects/*/<session>.jsonl and ~/.claude/history.jsonl); these session contents are outsider-authored free text (e.g., other participants’ messages/comments in those sessions) that the agent then digests and uses in later LLM steps.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 16, 2026, 09:13 AM

Issues

1

Security Audit — snyk — skillopt-sleep